Owen wrote:
> I have a cgi script that processes a form in which the following line of code
> is found
>
> $name =~ s/[`\\"_|!\$\.\^]//g; #remove likely malicious bad characters
>
> Just wondering if there is a better way to do this as I suspect I am a little
> naive.
>
> Need to pass only the low ascii set [A..Za..z] and the ' for names like
> O'Reilly. Maybe I should return the form
>
> unless ($name =~ /[A..Za..z\']){return to form}
>
> Any advice welcomed
Found in /usr/lib/perl5/5.8.6/pod/perlfaq9.pod

    How do I make sure users can’t enter values into a form that cause my
    CGI script to do bad things?

    See the security references listed in the CGI Meta FAQ

    http://www.perl.org/CGI_MetaFAQ.html

John
--
use Perl;
program
fulfillment
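
The two approaches from Owen's message side by side, as an added example that is not part of the original thread: his character-stripping substitution next to an anchored allowlist match for `[A-Za-z']`. The sample inputs are constructed, and the 64-character length limit and the function names are assumptions.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Denylist from the original post: deletes a fixed set of characters and
# passes everything else through unchanged.
sub strip_denylist {
    my ($name) = @_;
    $name =~ s/[`\\"_|!\$\.\^]//g;
    return $name;
}

# Allowlist: accept only A-Z, a-z and the apostrophe, matched over the
# whole string. \A and \z are used instead of ^ and $ because $ would
# still match before a trailing newline.
# Returns the captured value (which is also untainted when running
# under -T), or undef so the caller can send the form back.
# The 64-character upper bound is an assumption, not from the thread.
sub validate_name {
    my ($name) = @_;
    return unless defined $name;
    return $1 if $name =~ /\A([A-Za-z']{1,64})\z/;
    return;
}

# Constructed sample inputs.
my @samples = ("O'Reilly", "Smith;x", "<b>Bob</b>", "Anne\n", "Bob_1", "");

for my $in (@samples) {
    # Make newlines visible in the printed report.
    (my $shown = $in) =~ s/\n/\\n/g;
    my $stripped = strip_denylist($in);
    $stripped =~ s/\n/\\n/g;

    my $ok = validate_name($in);
    printf "%-14s denylist -> %-14s allowlist -> %s\n",
        "[$shown]", "[$stripped]",
        defined $ok ? "accept [$ok]" : "reject";
}
```

Characters the substitution does not list, such as `;`, `<`, `>` and a trailing newline, come out of `strip_denylist` untouched, while `validate_name` rejects every input that is not made up solely of the permitted characters.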